New Zealand Ministry of Social Development Data Breach (2012)

What happened? On Monday the 15th of October the Ministry of Social Development received a USB containing 7,307 items downloaded from two kiosks. A team led by the Ministry’s Chief Legal Advisor then put in an intensive effort to analyse these items and categorise them based on the amount of personal information contained in them, and the sensitivity of that information. What did this team find? Information on the USB related to corporate data. Most were invoices with no client details. However, as outlined above around 1,432 items did contain some personal information. Of all these items, invoices relating to10 individuals contained highly sensitive information. Was there a privacy breach? Yes, in the sense that two individuals accessed people’s information that was of a personal nature. In the majority of cases, we have assessed the impact of the breach to be low as Keith Ng and Ira Bailey have assured us that the information was not further distributed and they have not retained copies. In the cases of the eight children and two adults whose invoices contained highly sensitive information – we will be working on how best to respond to these individuals. This approach is in accordance with the Privacy Commissioner’s guidelines.